Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Uncategorized

DMSniff POS Malware has flown under the radar for at least four years

Malware researchers at Flashpoint revealed that at least since 2016, a PoS malware dubbed DMSniff has flown under the radar. Malware researchers at Flashpoint revealed that since 2016, a PoS malware dubbed DMSniff has been involved in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. DMSniff leverages a domain generation algorithm […]

DMSniff

Malware researchers at Flashpoint revealed that at least since 2016, a PoS malware dubbed DMSniff has flown under the radar.

Malware researchers at Flashpoint revealed that since 2016, a PoS malware dubbed DMSniff has been involved in breaches of small- and medium-sized businesses in the restaurant and entertainment industries.

DMSniff leverages a domain generation algorithm to create command-and-control domains on the fly, a technical choice that make it hard takedown of C2 infrastructure by law enforcement and that is uncommon for PoS malware.
DMSniff will loop between multiple top-level domains (TLDs) until it manages to find a command-and-control server (C&C) to connect with.
DMSniff uses multiple techniques to protect itself and the C2 communications, including a simple string-encoding routine that hides strings associated with the malware.

“Point-of-sale malware previously only privately sold has been used in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. The malware, known as DMSniff, also uses a domain generation algorithm (DGA) to create lists of command-and-control domains on the fly. ” reads the analysis published by Flashpoint.

DMSniff remained under the radar for at least four years, attackers use to drop the PoS malware on the devices either by using brute-force attacks against SSH connections, or by exploiting vulnerabilities.

DMSniff

In order to steal credit card data from the POS systems, the malware search for interesting process and loops through the memory sections to attempt to find credit card data.

“Each time it finds an interesting process, it will loop through the memory sections to attempt to find a credit card number.” continues the analysis. “Once a number is found, the bot will take the card data and some of the surrounding memory, packages it, and sends it to the C2.”

Further details about the DMSniff, including indicators of compromise (IoCs), are reported in the analysis published by Flashpoint.

“DMSniff is another name in a growing list of evolving threats for the point-of-sale malware world. During our research we found that this malware was primarily utilized to target small to medium sized businesses such as restaurants and theaters.” concludes the experts. “It also contains a domain generation algorithm, something that is rare to see in point-of-sale malware”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SDMSniff point-of-sale malware )

[adrotate banner=”5″]

[adrotate banner=”13″]